France Confirms Data Breach After Hackers Claim Massive Data Leak

France has confirmed a major cybersecurity breach impacting one of its most critical government systems, following claims by threat actors that sensitive citizen data had been leaked online.

The French National Agency for Secure Documents (ANTS), which manages identity cards, passports, driver’s licenses, and vehicle registrations, disclosed that its central portal (ants.gouv.fr) was compromised on April 15, 2026.

The breach is now believed to potentially affect up to 19 million individuals, making it one of the largest public-sector data exposures in the country.

According to official statements, attackers gained unauthorized access to backend systems and extracted a large volume of personal and account-related data.

The Ministry of the Interior acknowledged the incident, while ANTS technical teams, supported by national cybersecurity authorities, are actively investigating the intrusion vector and assessing the full extent of the compromise.

Exposed Data Details

ANTS confirmed that while the breach is serious, certain critical elements remain unaffected. Notably, document attachments submitted during administrative procedures and direct account access credentials were not compromised.

However, the exposed dataset includes a wide range of personally identifiable information (PII), such as:

• Account identifiers and login IDs
• Full names, including surnames and given names
• Email addresses and phone numbers
• Dates and places of birth
• Residential addresses and identity verification data

This type of aggregated identity data significantly increases the risk of targeted cyberattacks, particularly phishing and identity fraud campaigns.

French authorities have initiated a coordinated, multi-agency response to contain the breach and identify those responsible.

The incident has been formally reported to several regulatory and law enforcement bodies:

• CNIL (France’s data protection authority), under GDPR Article 33 requirements
• ANSSI (National Cybersecurity Agency), which is assisting with forensic analysis
• The Paris Public Prosecutor, triggering a criminal investigation under Article 40

Security teams have already implemented additional safeguards to protect remaining systems while maintaining service availability.

ANTS has begun notifying affected individuals directly and stated that no immediate action is required to secure user accounts.

However, cybersecurity experts warn that the exposed data could be weaponized in follow-on attacks.

For example, attackers could use leaked identity details to craft convincing phishing emails impersonating official services, or smishing messages requesting urgent action on fake administrative issues.

Citizens are strongly advised to verify all unsolicited communications, especially those requesting personal or financial information.

Suspicious emails, SMS messages, or calls claiming to be from government entities should be treated with caution.

ANTS also emphasized that the distribution or use of the stolen data is a criminal offense under French law.

This incident highlights the growing threat to government digital infrastructure and the cascading risks associated with large-scale identity data breaches in highly centralized systems.

Follow us on Google News , LinkedIn and X to Get More Instant Updates. Set Cyberpress as a Preferred Source in Google

The post France Confirms Data Breach After Hackers Claim Massive Data Leak appeared first on Cyber Security News.